security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
6,113 Commits 1 Branch 57 Tags
5f6c19f203d7d0910d7ef9ed160302cbcc191d7a
Commit Graph

6113 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jonhnathan 5f6c19f203 Update Threat Hunter Playbook Reference 2021-05-22 01:02:19 -03:00
Jonhnathan 627a83914a Update Threat Hunter Playbook Reference 2021-05-22 01:01:33 -03:00
Jonhnathan 3853d71c56 Update Threat Hunter Playbook Reference 2021-05-22 01:01:07 -03:00
Jonhnathan e218c32a4c Update Threat Hunter Playbook Reference 2021-05-22 01:00:39 -03:00
Jonhnathan 1b32a5c0f3 Update Threat Hunter Playbook Reference 2021-05-22 00:59:54 -03:00
Jonhnathan 93087d2130 Update Threat Hunter Playbook Reference 2021-05-22 00:59:35 -03:00
Jonhnathan d3afed53ac Update Threat Hunter Playbook Reference 2021-05-22 00:59:04 -03:00
Jonhnathan 7007287832 Update Threat Hunter Playbook Reference 2021-05-22 00:58:23 -03:00
Jonhnathan 2e139b4264 Update win_protected_storage_service_access.yml 2021-05-22 00:57:25 -03:00
Jonhnathan 085218b25a Update Threat Hunter Playbook Reference 2021-05-22 00:57:01 -03:00
Jonhnathan 3fb5f1c47e Update Threat Hunter Playbook Reference 2021-05-22 00:56:32 -03:00
Jonhnathan 943e2c8c88 Update Threat Hunter Playbook Reference 2021-05-22 00:56:03 -03:00
Jonhnathan 9765fcbd0c Update Threat Hunter Playbook Reference 2021-05-22 00:55:29 -03:00
Jonhnathan e23147111b Update Threat Hunter Playbook Reference 2021-05-22 00:54:57 -03:00
Florian Roth a0efd7a4dc Merge pull request #1494 from Karneades/patch-1 
Add keyword WinRM to remote powershell rules
 2021-05-21 10:35:18 +02:00
Andreas Hunkeler e58c59dcfd Update modified field in WinRM rule 2021-05-21 09:29:11 +02:00
Andreas Hunkeler d8ec5fa6af Add modified field in WinRM rule 2021-05-21 09:28:45 +02:00
Florian Roth a30391f3b4 Merge pull request #1495 from SigmaHQ/rule-devel 
rule refactoring: Cobalt Strike service start
 2021-05-20 17:43:29 +02:00
Florian Roth a34949c7fb Merge pull request #1493 from Karneades/WinRM 
rule: add rule to detect shell spawn from WinRM host process
 2021-05-20 17:35:06 +02:00
Andreas Hunkeler 93241e7fc6 Add keyword WinRM to remote powershell process rule 2021-05-20 17:03:32 +02:00
Andreas Hunkeler b46f65965d Add keyword WinRM to remote powershell network rule 2021-05-20 17:02:17 +02:00
Andreas Hunkeler 3763e54b99 Add keyword WinRM to remote powershell process rule 2021-05-20 17:00:25 +02:00
Andreas Hunkeler 226a666827 rule: add rule to detect shell spawn from WinRM host process 2021-05-20 16:05:13 +02:00
Florian Roth ebac8a098f rule refactoring: Cobalt Strike service start 2021-05-20 10:05:12 +02:00
Florian Roth 18bbb2a342 Merge pull request #1490 from frack113/ElasticSearchRuleBackend 
FIx ElasticSearchRuleBackend to use uuid instead of title for the rule id
 2021-05-18 20:01:25 +02:00
frack113 3b23c18f70 If not null use uuid instead of title for the rule id 2021-05-17 22:12:17 +02:00
Florian Roth 5a3af872d8 Merge pull request #1479 from SigmaHQ/rule-devel 
Rule devel, Trademark test
 2021-05-15 13:42:34 +02:00
Florian Roth 9b32e72d0b fix: syntax issue 2021-05-15 13:19:12 +02:00
Florian Roth 02bf32ce6c fixed more legal issues 2021-05-15 13:09:08 +02:00
Florian Roth 526ab4f707 feat: trademark test case 2021-05-15 13:02:49 +02:00
Florian Roth 48757423ef rule darkside patterns 2021-05-14 18:06:53 +02:00
Florian Roth a655c5c1a0 update ngrok rule 2021-05-14 17:44:53 +02:00
Florian Roth e4a1ce4498 rule: ngrok rdp port exposure 2021-05-14 17:34:52 +02:00
Florian Roth 3cf1be9e8d rule: exchange vulnerability CVE-2021-28480 2021-05-14 10:08:41 +02:00
Florian Roth 691283616f Merge pull request #1477 from wagga40/master 
Resolves #1450 - Bug in es-rule backend when using "-r" argument
 2021-05-14 09:00:30 +02:00
Florian Roth bd81adc998 Merge pull request #1476 from wagga40/master 
Change to have raw log in rule results with SQL/SQlite Backends
 2021-05-14 08:59:57 +02:00
Florian Roth 30bee7204c Merge pull request #1475 from wagga40/master 
Modified some field values for case sensitive backends (SQL)
 2021-05-14 08:59:39 +02:00
Florian Roth 83068416fa Merge pull request #1458 from P4rtyH4RD/P4rtyH4RD-patch-1-mitre-code 
Update powershell_suspicious_getprocess_lsass.yml
 2021-05-14 08:59:14 +02:00
Florian Roth 09e32ae02e Merge pull request #1474 from frack113/Check_category 
Check category
 2021-05-14 08:58:46 +02:00
wagga40 534898a3ce Resolves #1450 - Bug in es-rule backend when using "-r" argument 2021-05-13 21:47:22 +02:00
wagga40 972f7a562b Updated SQL/SQLite backend tests 2021-05-13 17:51:54 +02:00
wagga40 5e99379803 Change to have raw log in rule results with SQL/SQlite Backends 2021-05-13 15:01:52 +02:00
wagga40 8944ccea04 Modified some field values for case sensitive backends (SQL) 2021-05-13 06:19:04 +02:00
frack113 cccfb3e59e file_event is a category 2021-05-12 09:05:52 +02:00
frack113 0fd8606e00 image_load is a category 2021-05-12 09:02:04 +02:00
frack113 fa72242ff0 image_load is a category 2021-05-12 08:59:51 +02:00
frack113 ecc0fcb082 process_creation is a category 2021-05-12 08:57:57 +02:00
frack113 cf0a710b4d process_creation is a category 2021-05-12 08:55:35 +02:00
frack113 70a5c8bb5f registry_event is a category 2021-05-12 08:51:38 +02:00
frack113 026320f613 registry_event is a category 2021-05-12 08:36:42 +02:00